
Re: [alpine-devel] [PATCH] acf-openssl: as per feature request #354: download cert plus set encryption bits and period of validity

From: Ted Trask <ttrask01_at_yahoo.com>
Date: Tue, 5 Jul 2011 16:17:42 -0700 (PDT)

I tried to apply the patch, but ran into trouble. I kept getting line wraps and HTML tags and other garbage. Since I tried it with two different mail clients, I'm wondering if it was a problem when sending the patch. Can you please try again using 'git send-email'? Or, can someone else help me to apply the patch? Thanks. Ted ________________________________ From: Luke Stuart <lukestu_at_gmail.com> To: alpine-devel_at_lists.alpinelinux.org Sent: Thursday, June 23, 2011 8:30 AM Subject: [alpine-devel] [PATCH] acf-openssl: as per feature request #354: download cert plus set encryption bits and period of validity ---  openssl-controller.lua        |    5 +++++  openssl-editdefaults-html.lsp |    2 +-  openssl-model.lua             |   32 ++++++++++++++++++++++++++++----  openssl-request-html.lsp      |    2 +-  openssl-status-html.lsp       |    3 ++-  openssl.roles                 |    6 +++---  6 files changed, 40 insertions(+), 10 deletions(-) diff --git a/openssl-controller.lua b/openssl-controller.lua index 7d9ae9a..3f8750b 100755 --- a/openssl-controller.lua +++ b/openssl-controller.lua @@ -116,6 +116,11 @@ putcacert = function(self)        return controllerfunctions.handle_form(self, self.model.getnewputca, self.model.putca, self.clientdata, "Upload", "Upload CA Certificate", "Certificate Uploaded")  end +downloadpem = function(self) +        self.conf.viewtype="stream" +        return self.model.getpem(self.clientdata.dlpath) +end +  -- Generate a self-signed CA  generatecacert = function(self)        return controllerfunctions.handle_form(self, self.model.getnewcarequest, self.model.generateca, self.clientdata, "Generate", "Generate CA Certificate", "Certificate Generated") diff --git a/openssl-editdefaults-html.lsp b/openssl-editdefaults-html.lsp index 9052213..b73b0a8 100644 --- a/openssl-editdefaults-html.lsp +++ b/openssl-editdefaults-html.lsp 
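Review bot: `downloadpem` passes `self.clientdata.dlpath` to the model unchanged, so the request decides which file is streamed, and `viewtype` is switched to "stream" before it is known that `getpem` returned anything. The only link this patch adds (on the status page) asks for the CA certificate, whose path the model already holds, so the action could take no path at all, or a certificate name that the model resolves itself. If the parameter stays, set `self.conf.viewtype="stream"` only after a non-nil result, because `getpem` as added later in this patch returns nothing when its validation fails. A comment such as `-- dlpath is client-supplied; the model must validate it before any file access` would document the trust boundary.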
@@ -6,7 +6,7 @@        form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action        local order = { "countryName", "C", "stateOrProvinceName", "ST", "localityName", "L", "organizationName", "O",                        "organizationalUnitName", "OU", "commonName", "CN", "emailAddress" } -       local finishingorder = { "certtype", "extensions" } +       local finishingorder = { "encryption", "validdays", "certtype", "extensions" }        displayform(form, order, finishingorder)  %> diff --git a/openssl-model.lua b/openssl-model.lua index b5a84a6..a9b6f83 100755 --- a/openssl-model.lua +++ b/openssl-model.lua @@ -30,7 +30,7 @@ local short_names = { countryName="C", stateOrProvinceName="ST", localityName="L  local extensions = { "basicConstraints", "nsCertType", "nsComment", "keyUsage", "subjectKeyIdentifier",                        "authorityKeyIdentifier", "subjectAltName", "issuerAltName" }  -- list of entries that must be found in ca section (used to define our certificate types) -local ca_mandatory_entries = { "new_certs_dir", "certificate", "private_key", "default_md", "database", "serial", "policy" } +local ca_mandatory_entries = { "new_certs_dir", "certificate", "private_key", "default_md", "database", "serial", "policy", "default_days" }  -- Create a cfe with the distinguished name defaults  local getdefaults = function() 
@@ -308,6 +308,14 @@ end  getreqdefaults = function()        local defaults = getdefaults() +        --Add in the encryption bit default +         local encryption = config.req.default_bits +         defaults.value.encryption = cfe({ type="select", label="Encryption Bits", value=encryption, option={"2048", "4096"} }) + +         -- Add in the default days +         local validdays = getconfigentry(config.ca.default_ca, "default_days") +         defaults.value.validdays = cfe({ type="text", label="Period of Validity (Days)", value=validdays, descr="Number of days this certificate is valid for" }) +        -- Add in the ca type default        defaults.value.certtype = cfe({ type="select", label="Certificate Type",                value=config.ca.default_ca, option=find_ca_sections() }) @@ -339,9 +347,10 @@ setreqdefaults = function(defaults)                        ext_section = config.req.req_extensions                end                config = nil +               fileval = format.update_ini_file(fileval,"","default_days",defaults.value.validdays.value)                fileval = format.set_ini_section(fileval, ext_section, format.dostounix(defaults.value.extensions.value))                fileval = format.update_ini_file(fileval, "ca", "default_ca", defaults.value.certtype.value) -               fileval = write_distinguished_names(fileval, defaults, {"certtype", "extensions"}) +               fileval = write_distinguished_names(fileval, defaults, {"certtype", "extensions", "validdays"})                fs.write_file(configfile, fileval)        end 
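Review bot: In the `setreqdefaults` hunk, `defaults.value.validdays.value` is written into the config file with no check, although the matching write in `submitrequest` is guarded by a numeric test; the same test belongs here before `format.update_ini_file` is called, since this file is what `openssl ca` later reads. The write targets the unnamed section (`""`), while `getreqdefaults` reads `default_days` from the `config.ca.default_ca` section, so a saved value may not be the one shown on the next load; if the per-CA value is intended, something like `format.update_ini_file(fileval, defaults.value.certtype.value, "default_days", ...)` would round-trip. The new `encryption` field is also missing from the list passed to `write_distinguished_names`; if that list names fields to skip (it looks that way, but the function is outside the hunk), `"encryption"` should be added to it. Both functions start and end outside these hunks.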
@@ -383,6 +392,11 @@ submitrequest = function(defaults, user)                defaults.errtxt = "Failed to submit request\nRequest already exists"                success = false        end + +       if not tonumber(defaults.value.validdays.value) then +               defaults.value.validdays.errtxt = "Period of Validity is not a number" +               success = false +       end        if success then                -- Submit the request @@ -403,7 +417,9 @@ submitrequest = function(defaults, user)                                end                        end                end - + +               fileval = format.update_ini_file(fileval, "req","default_bits",defaults.value.encryption.value) +               fileval = format.update_ini_file(fileval, "","default_days",defaults.value.validdays.value)                fileval = format.set_ini_section(fileval, ext_section, content)                fileval = format.update_ini_file(fileval, "req", "req_extensions", ext_section)                fs.write_file(reqname..".cfg", fileval) @@ -470,7 +486,7 @@ approverequest = function(request)                local certname = certdir..request.."."..serial                -- Now, sign the certificate -               local cmd = path .. "openssl ca -config "..configfile.." -in "..format.escapespecialcharacters(reqpath)..".csr -out "..format.escapespecialcharacters(certname)..".crt -name "..format.escapespecialcharacters(certtype).." -batch 2>&1" +               local cmd = path .. "openssl ca -config "..format.escapespecialcharacters(reqpath)..".cfg -in "..format.escapespecialcharacters(reqpath)..".csr -out "..format.escapespecialcharacters(certname)..".crt -name "..format.escapespecialcharacters(certtype).." -batch 2>&1"                local f = io.popen(cmd)                cmdresult.value = f:read("*a")                f:close() 
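Review bot: The new check in `submitrequest` accepts anything `tonumber` can parse, including negative numbers, fractions, hexadecimal and exponent forms, and the second hunk on this line writes the original string, not the parsed number, to `default_days`. A digits-only test is tighter: `if not string.match(tostring(defaults.value.validdays.value), "^[1-9]%d*$") then`, ideally with an upper bound agreed for the CA. `defaults.value.encryption.value` is written to `default_bits` in that same later hunk with no check at all; compare it with the offered options (`"2048"`, `"4096"`) before writing, because a select list constrains the form, not the request. `submitrequest` starts and ends outside these hunks.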
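Review bot: In the `approverequest` hunk, switching `-config` to `reqpath..".cfg"` makes `openssl ca` sign with the per-request file that `submitrequest` writes from the requester's form values, so the requester's input now shapes the issued certificate. From the visible hunks that covers `default_days` and the extensions section; the CA sections and policy presumably travel in the same file, which should be confirmed. Keeping `-config "..configfile.."` and passing a re-validated validity explicitly, e.g. `" -days "..format.escapespecialcharacters(validdays)`, would leave the signing policy under the CA's control. The approver's view should also show the requested validity before signing. `approverequest` starts and ends outside the hunk.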
@@ -680,6 +696,14 @@ getcrl = function(crltype)        return crlfile  end +getpem = function(pem) +        local f = fs.read_file(pem) or "" +        local fname = string.gsub(pem, ".*/", "") +        if validator.is_valid_filename(pem, openssldir) then +                return cfe({ type="raw", value=f, label=fname, option="application/x-pkcs12" }) +        end +end +  getnewputca = function()        local ca = cfe({ type="raw", value=0, label="CA Certificate", descr='File must be a password protected ".pfx" file' })        local password = cfe({ label="Certificate Password" }) diff --git a/openssl-request-html.lsp b/openssl-request-html.lsp index 2bc3af9..acbe8ed 100644 --- a/openssl-request-html.lsp +++ b/openssl-request-html.lsp @@ -8,7 +8,7 @@        form.value.password_confirm.type = "password"        local order = { "countryName", "C", "stateOrProvinceName", "ST", "localityName", "L", "organizationName", "O",                        "organizationalUnitName", "OU", "commonName", "CN", "emailAddress" } -       local finishingorder = { "certtype", "extensions", "password", "password_confirm" } +       local finishingorder = { "certtype", "validdays", "extensions", "password", "password_confirm" }        displayform(form, order, finishingorder)  %> diff --git a/openssl-status-html.lsp b/openssl-status-html.lsp index 1837ab0..0f73d35 100644 --- a/openssl-status-html.lsp +++ b/openssl-status-html.lsp @@ -32,4 +32,5 @@                end        end  end %> - +<% if viewlibrary.check_permission("downloadpem") then %> <H1>Download +Certificate</H1> <DL> <%= html.link{value="downloadpem?dlpath="..html.html_escape(view.value.cacert.value), label="Download "..view.value.cacert.value } %><BR> </DL><% end %> diff --git a/openssl.roles b/openssl.roles index eb63818..03f5df1 100644 --- a/openssl.roles +++ b/openssl.roles 
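Review bot: `getpem` calls `fs.read_file(pem)` before `validator.is_valid_filename(pem, openssldir)` is consulted and returns nothing at all when the check fails, so validation should come first and the failure path should return an explicit error object. As written, the check appears to admit any file under `openssldir`; if private keys are stored there (the `private_key` config entry suggests they may be, but this needs confirming), the action should be narrowed to certificate files, and it is worth confirming that `is_valid_filename` rejects `..` segments. The content type `application/x-pkcs12` does not describe a PEM file and should be changed to match what is actually served. Whether a cfe carrying `errtxt` is rendered sensibly by the stream view cannot be seen from this hunk.

```lua
getpem = function(pem)
        -- Validate the client-supplied path before any file access
        if type(pem) ~= "string" or not validator.is_valid_filename(pem, openssldir) then
                return cfe({ type="raw", value="", label="", errtxt="Invalid certificate path" })
        end
        local fname = string.gsub(pem, ".*/", "")
        local content = fs.read_file(pem) or ""
        return cfe({ type="raw", value=content, label=fname, option="application/x-pkcs12" })
end
```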
@@ -1,6 +1,6 @@  USER=openssl:status,openssl:getrevoked  EDITOR=openssl:editdefaults  CERT_REQUESTER=openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert -CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert -EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment -ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment +CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert,openssl:downloadpem +EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem +ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem -- 1.7.5.4 --- Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org Help:        alpine-devel+help_at_lists.alpinelinux.org ---


Received on Tue Jul 05 2011 - 16:17:42 UTC